HP Thin Client – Easy Tools – Could Not Retrieve Information from Server

We recently acquired 30x HP t520 Thin Client. At this time, we’ve already set up our vdi solution (server) and we are trying to config our clients. Unfortunately, we can not update OS image. The download is very slow… and gets stuck, getting this message:

“Could not retrieve infromation from server”

I have found out the ftp adress for the .ibr image

ftp://ftp.hp.com/ftp2/pub/tcimages/EasyUpdate/Images/t520/

[WES7E-32 Image 14WWZDCE301 English (Nov 2014)]

Description=WES7E-32 Image 14WWZDCE301 English (Nov 2014)

File=../7EZDCABA1109VIAFBedoc_flash.ibr

Size=4669729199

OSVERSION=WES7

Release Notes: ftp://ftp.hp.com/ftp2/pub/tcimages/EasyUpdate/Images/7EZDCABA1109VIAFBedoc_flash.TXT

Image File: ftp://ftp.hp.com/ftp2/pub/tcimages/EasyUpdate/Images/7EZDCABA1109VIAFBedoc_flash.ibr

via

HP Thin Client – Easy Tools – Very slow image download and f… – HP Support Forum – 4858198.

via HP Thin Client – Easy Tools – Could Not Retrieve Information from Server.

via HP Thin Client – Easy Tools – Could Not Retrieve Information from Server.

 

While updating the image for an HP T620 thin client, we received this same error.  Thanks to the post above I was able to download the file manually from the HP FTP server.  However, I’m now having trouble installing the image.

#citrix, #hp, #publisheddesktop, #t620, #thinclient, #virtualization-2

Do WES7 Thin Clients need Antivirus Software to be HIPAA Compliant?

While developing a custom image for a new HP T620 thin client with Windows Embedded Standard 7, I came across the obvious security question: Do WES7 Thin Clients need Antivirus Software to be HIPAA Compliant?  Not being sure whether it is an industry standard to include antivirus software for thin clients, I posted the question in a number of IT forums.  There was conflicting response from our online community of experts, both with good reasoning behind their assertions.

Why would you not include antivirus software on a thin client?  For a number of reasons actually.  Adding antivirus clients to all thin clients is more costly.  It can also be viewed as overkill since the client is just a sort of viewer or dumb terminal that connects the user to his/her published desktop or applications.  Assuming that the connections are encrypted and there is no data stored locally, why go to greater, more costly lengths in protecting the thin client?  As a matter of fact, a selling point for several thin client vendors is that thin clients help eliminate cost because they do not require antivirus software installed locally.

Being that the server hosting the services is already protected by antivirus software, having it on both machines might appear to be overly cautious.  Furthermore, the thin client’s embedded OS is a stripped down version that has lesser functionality and services running, so the risk of infection is less.  Locking down the client even more by modifying local policies, accounts and applications also minimizes risk.

So where do I stand on whether Thin Clients need Antivirus Software?  I have to agree that antivirus software on thin clients is best practice in my opinion.  As other IT professionals stated, the fact that the machine is running services and is connected to the LAN puts it at risk of infection even though the risk is small.  If malware is already present in the LAN or is brought in through the use of USBs, then the risk of infection for thin clients is greater than if they had antivirus software installed.

Do WES7 Thin Clients need Antivirus Software to be HIPAA Compliant?  The short answer is no. I don’t consider that thin clients need antivirus software to be HIPAA compliant because it is not specifically required that all machines connected to the LAN have antivirus software installed.

The following was quoted from an online source and states:

Standard 164.308(a)(5)(ii)(B): PROTECTION FROM MALICIOUS SOFTWARE: (The Covered Entity must implement) “Procedures for guarding against, detecting, and reporting malicious software.” – See more at: http://www.physicianspractice.com/blog/hipaa-compliant-antivirus-protected-computers-can-still-get-i…

The rule doesn’t make it very clear and is at the organization’s discretion just how to address this.  For example, one could “address” this by implementing firewalls and/or security appliances that have antivirus built in such as Cisco Meraki MX80 (which we are using) that protects the LAN. Additionally, the thin client itself, does not store ePHI locally.  Thus, one might argue that the servers hosting the published desktops have antivirus software to address this section of HIPAA.

On the other hand, I can tell you that on one occasion I had to run on-demand virus removal tools on a thin client because it was infected with malware.  I was alerted to it by the Meraki appliance.  My guess is that a PC user downloaded the malware and it spread to the thin client that was sitting unprotected on the same LAN.

Thus, while having antivirus software on thin clients is not necessary to be HIPAA compliant, I consider it a best practice because depending on the type of infection, it could spread to other machines in the LAN, perhaps even shared files and folders hosted on servers.

Fix Unidentified Network Local Only in Vista when Tethering Phone Connection

This is an update to my previous post Fix Unidentified Network Local Only.  As mentioned previously, an HP Pavilion Entertainment PC/Notebook could connect to a wireless network but could not access the internet.  The connection details stated Unidentified Network Access: Local Only.

Microsoft Fix It automatically fixed the problem the first time around.  However, after installing updates to the laptop, the thing was broken again.  The second time I attempted to uninstall the wireless network card and drivers.  After re-installing, connectivity was restored.

In my particular case, however, the user will be connecting to their mobile hotspot; that is, they will be sharing their phone’s internet with the laptop.  When I tried connecting the the phone’s wireless connection the same issue happened all over again.  Apparently, the first two attempts fixed the problem on a home wireless network but not when sharing your phone’s internet connection. Searching online and an hour later, I came across the answer on this forum:

Atheros AR5007EG & AR5007 We have recently been seeing a lot of problems with the above adapters over the last few months, mainly concerning WPA and WPA2 encryption and windows Vista. 
The adapter gets an IP configuration, and shows as connected, but communication is non-existent or sporadic.

Atheros AR5007 is the wireless network adapter on the HP Pavilion laptop I was working on.

The updated drivers are located here.

So, after downloading and updating the drivers for Atheros AR5007 wireless NIC internet connectivity has been restored for good 🙂